2. The scheme was successful in attracting over one
million people back into learning. However, in November 2001,
a fortnight after announcing the planned suspension of the scheme
with effect from December, the Government withdrew it following
allegations of fraud and abuse. Total expenditure is likely to
exceed £290 million against a budget of £199 million
(Figure 1).[2]
The scale of fraud and abuse could amount to £97 million,
including £67 million fraud.[3]

Figure 1: ILA Expenditure on National Delivery (£ million)

Income

Expenditure

DfES Budgets & TEC contributions for ILAs (1)

Incentives for training

Delivery costs (2) - Capita contract

Policy development/ programme support (consultancy/ evaluation)

Total (3)

Forecast for final outturn and overspend.

2000-01

70.0

51.8

15.6

2.6

70.0

70.0

2001-02

129.0

183.1

20.5

1.1

204.7

222.6

2002-03

0.0

0.2

1.5

0.5

2.2

0

Total

199.0

235.1

37.6

4.2

276.9

292.6

Budget

199.0

199.0

199.0

Overspend

77.9

93.6

Notes

(1) Includes the TECs' contributions to the budget
for ILAs delivered by the national framework, i.e. after deducting
cost of locally delivered ILAs.
(2) In 2000-01 some ILAs were delivered by a unit set up by TECs
in the South-East. Figure includes £264,000 in management
fees in 2000-01.
(3) Payments at closure of 01-02 Accounts (30 October 2002).

3. On the basis of the Comptroller and Auditor General's
Report, the Committee examined the management of risk in designing
and implementing the scheme, the effectiveness of monitoring,
the Department's relationship with Capita, who operated the scheme,
the level of fraud and abuse and the actions taken, and the lessons
learned. We draw four main conclusions.

The Department had 5 years to put in place arrangements
to implement the Government's commitment to have 1 million individual
learning accounts by March 2002. While the Department undertook
extensive piloting to test innovative schemes, these did not provide
workable solutions, and the scheme implemented was not well thought
through or tested and was implemented in too short a time. While
the tight timetable was of the Department's own making, after
the pilots did not work it should have re-planned the project
and ensured full testing before implementation, rather than over-ride
sound project and risk management.

Good risk identification and management is essential
in major projects, especially those that involve innovative solutions.
However, the Department's risk assessment and risk management
were not fit for purpose, and were driven more by concerns that
the scheme would not attract sufficient new learners. As a result,
the Department did not give enough weight to advice received on
the risks of fraud and abuse and about quality of training. Had
the Department done so, and drawn on the work of this Committee
and experience of counter-fraud strategies elsewhere in the public
sector, it would have been able to build counter-fraud measures
into the design of the scheme rather than react to events.

To encourage new providers and new learners,
the Department decided to minimise bureaucracy, including checks
on learners, on providers and on the quality of learning. They
should have matched this innovation with more rigorous and incisive
monitoring downstream, but failed to do so. As a result, they
were slow to identify emerging problems, including substantial
fraud and abuse.

The Department contracted the operation of the
scheme to Capita. However, the contractual arrangements were weak
and the Department and Capita did not develop the partnership
arrangements necessary for success. This was a major factor in
the problems that arose and also meant that the Department bore
more of the key risks than planned.

The Accounting Officer was frank in acknowledging
the shortcomings of the scheme, and in regretting that they had
occurred. He was however less able to assist the Committee in
getting at the specific reasons why they had been allowed to occur.
Acceptance of responsibility is important, but so is the need
for Accounting Officers to provide convincing assurance that weaknesses
have been properly analysed and understood so that the necessary
improvements can be identified and implemented.

4. Our more specific conclusions and recommendations
are as follows.

(i) Despite looking for an innovative
solution, the design of the scheme was not informed by a formal
risk analysis, and risks identified in the pilots, especially
on fraud and the quality of training, were not addressed sufficiently.
The risk register was not put together on a systematic basis,
and although it was reviewed monthly not all issues were actively
pursued. The Department should complete its review of risk and
risk management arrangements quickly, to ensure that they reflect
best practice. Revised arrangements should be accredited by Internal
Audit.

(ii) Because the Department wanted to encourage
people back into learning, and new providers to enter the market,
it decided not to impose quality controls. To rely instead on
learners and market forces to ensure that inefficient or effective
providers were replaced was naïve, given that many of the
people the Department was trying to encourage into learning were
those least able to assess the quality of the training on offer.
It also ignored evidence from the pilots that the scheme was most
likely to be successful where new learners had advice from intermediaries
such as community groups and trades unions.

(iii) In its current review of adult learning
provision, the Department should ensure that potential learners
have sufficient information and advice to make reasoned choices
about the courses on offer. It should also consider accrediting
providers, as the public tend to presume that learning funded
under a Government initiative has its endorsement.

(iv) In the absence of quality assurance,
the decision to give a positive incentive to providers to recruit
learners was fundamentally flawed. It encouraged a substantial
number of unscrupulous providers to undertake aggressive marketing,
and combined with control weaknesses created the environment for
fraud and abuse. Innovative schemes such as this should be more
rigorously piloted and tested to identify the risks, and allow
effective risk management.

(v) Although the Department commissioned
a demand model for the number of accounts, the absence of a business
model, sensitivity analyses and contingency arrangements, left
it poorly prepared to take action when demand exceeded the funds
available. In the event, the reactive steps taken to stem demand
were ineffective, as providers found ways around them. The Department
should build the need for sound business planning into its procedures
for all major projects, especially those including substantial
innovation.

(vi) Because of ineffective monitoring,
the Department was not aware of unusual patterns of activity,
including very large payments to individual providers. Only belatedly
did it realise that the apparent "success" of the scheme,
as reflected in spending over budget, was an indicator of significant
fraud and abuse. As part of revised risk management procedures,
the Department should develop its monitoring arrangements, including
exception reporting especially on those areas highlighted in risk
assessments.

(vii) Capita could have done more to insist
that its concerns about risk of fraud and the necessary controls
were taken seriously, but felt restricted by the lack of a place
on the Project Board. All departments should ensure that private
sector partners are integrated effectively into project management
arrangements, and that partners can escalate concerns to senior
staff, including the Accounting Officer.

(viii) Although the contract involved risk
sharing, it did not clearly define areas where risks were shared
and in practice more risks remained with the Department than planned.
In any future contracts risks and any risk sharing should be clearly
identified and effective, drawing on guidance from the Office
of Government Commerce.

(ix) Security arrangements were not clearly
specified in the contract, concerns raised during procurement
were not addressed, guidance was not followed, usage monitoring
was inadequate and the robustness of Capita's systems was not
independently tested. While there is no evidence of unauthorised
access to the systems, a major flaw was the ability of authorised
providers to access unused accounts and in one case to offer them
for sale. Responsibilities and requirements for IT security should
be spelt out clearly in contracts, any concerns raised during
procurement should be addressed, and IT procedures should be rigorously
tested.

(x) It may be two years before the level
of fraud and abuse is clear and action against those involved
completed. The Department should follow through this work rigorously,
and should also keep its Counter Fraud Strategy and revised counter-fraud
measures under review.

(xi) Internal Audit was involved in the
project from the outset, as part of the project board. But it
did not provide the independent check and assurance that the Accounting
Officer needed. In part, this appears to be because it accepted
management views about the need for light touch controls, to ensure
the effectiveness of the scheme, and did not follow-up concerns
raised at various stages about the risks involved. In addition,
its planned review of Capita's systems was deferred. The Department
should look again at the way it involves Internal Audit in projects.
The aim should be to obtain their advice on risks and risk management
at key stages on design and implementation, though those involved
would need to be independent of subsequent internal control reviews.

6. Risks were highlighted during the design and pilot
stages.However, the design was not informed by a formal
risk analysis. Although the Department compiled a risk register
and reviewed it monthly, it was not put together on a systematic
basis and not all issues were actively pursued to ensure risks
were minimised. The Department's assessments that risks were low
were influenced by the low value of individual transactions, despite
past experience of the vulnerability to fraud in franchised and
distance provision identified in this Committee's report on Halton
College, and advice from the Further Education and other sectors.
Neither did the Department draw on experience elsewhere in the
public sector on countering fraud. The fraud risk was not re-assessed
as high until summer 2001, a few months before the scheme was
shut down.[6]

7. The pilots also identified concerns about the
lack of quality assurance arrangements, reinforced by the Learning
and Skills Council and some providers. However, the Government
wanted to encourage more flexible delivery of learning through
a wider range of providers and, in particular, those operating
in niche markets and those attracting new, non-traditional learners.
So, in order to keep the scheme administratively simple, the Department
decided not to impose quality controls. Instead it decided to
rely on learners and market forces to ensure that inefficient
or ineffective providers were replaced. Thus, while the Department
required providers to be registered with the Individual Learning
Account Centre, it did not subject them to quality assurance.
By November 2002, there were 8910 registered providers, some of
which were new ventures with no previous involvement in publicly
funded education or training. The Department consider that the
vast majority of providers were good, or new providers who had
the potential to provide different types of training. But there
had been a group who abused the scheme.[7]

8. Learners could choose with whom to undertake their
learning, but those whom the Department wanted to attract were
least likely to be able to compare different providers. In some
small-scale pilots, this had been overcome where intermediaries,
such as community groups and trades unions, provided the advice
learners' needed. However, the Department's decided to concentrate
the marketing of learning accounts via learning providers. Research
suggests that 45% of account holders first heard of the scheme
from providers and many courses were not appropriate to learners'
needs. The Department accept that the decision not to have more
checking of providers was the fatal flaw in the arrangements.[8]

9. The Department's Internal Audit was involved in
the project board overseeing the development of the project. It
was instrumental in requesting a project health check in March
2000, which highlighted risks in the arrangements. These included
the difficulty in estimating demand and timing, shortage of relevant
skills in the Department to manage such a large project, the absence
of project quality control procedures, gaps in the risk register
and inadequate contingency planning. However, Internal Audit had
not escalated any remaining or subsequent concerns to the Accounting
Officer. The Accounting Officer told us that this was because
Internal Audit had taken into account the Department's decision
to take some risks, and have "light touch rules" to
get more people into learning, and like others in the Department
did not at the time believe that was a wrong decision. He concluded
that while he had a lot of confidence in Internal Audit, in this
case they had not provided the independent assurance they should
have.[9]

11. The Department commissioned a detailed demand
modelling exercise in Spring 2000, which estimated that 1.3 million
accounts would be opened in the first year rising to 1.9 million
accounts by 2005. But there was no sensitivity analysis and no
business model, and despite the forecast number of accounts, the
Department did not develop contingency arrangements if demand
exceeded their plan for 1 million accounts. Capita did draw up
business plans which included the possibility of higher volumes,
but the Department took little notice of them because it expected
to have difficulty attracting learners, based on pilots involving
Training and Enterprise Councils in 1998 and 1999.[11]

12. As a result, the popularity of Individual Learning
Accounts took the Department by surprise. Even though by the end
of April 2001, 781,000 accounts had been opened in England, the
Department was still considering a marketing strategy to encourage
take-up and it was not until early summer 2001 that the Department
recognised that the target number of learners, and the budget,
would be exceeded.[12]

13. Capita provided weekly, monthly and annual activity
reports on the number of accounts opened, expenditure, number
of complaints and performance against agreed service targets.
But the Department did not employ sufficient resources to review
them. Crucially, Capita did not include any "exception reports"
highlighting unusual items of activity or particularly large claims.
The lack of effective review of management information stemmed
from the mistaken assessment of the risk of fraud from the outset.
It meant that the Department was not aware of very large payments
to some providers (20 providers claimed over £1.5 million
and two more than £6 million) until some six months later
than it should have been.[13]

14. Concerns about aggressive marketing, such as
stopping people in the street and offering them incentives to
open accounts, arose as early as December 2000. However, while
the Department suspended both providers it did not prosecute on
legal advice, because the providers had been exploiting loopholes
in the scheme rather than committing fraud. At the time, the Department
did not think this was replicated across the rest of the scheme,
but it became a feature in 2001, and should have been spotted
and dealt with earlier.[14]

15. The Department accepts that as the scheme had
been designed to minimise the bureaucracy involved, downstream
monitoring should have been stronger. Monitoring was inadequate
and key signals had not been picked up, because the Department
had been focused on getting to the one million target, and a lot
of the risk management that took place was directed towards that.
The Department saw the rising number of accounts as a success
in stimulating learning rather than a problem. Initially the budget
overspend raised the alarm, and only when the Department looked
at this alongside the other evidence did it see the other problems
growing in the scheme. The action taken to stem the growth of
the scheme, including ending the £150 incentive scheme in
July 2001, failed as people found other ways to attack the system,
particularly the 80% discount arrangements. The Department closed
the scheme when it became clear that it could not be stopped in
any other way.[15]

17. In June 2000, the Department signed a contract
with Capita to develop and operate the scheme. Capita was to operate
a call centre for enquiries about accounts as well as an administrative
centre for registering learners and providers, processing new
accounts, maintaining records of learning started and notifying
the Department of amounts owing to providers.[17]
Project risks were shared between the Department and Capita; for
example Capita carried the risks of delivery of the technical
solution to tight timescales, and of providing the capacity to
support demand levels. But in practice more of the risks remained
with the Department than planned, and there was insufficient clarity
in areas where risks were shared with Capita.[18]

18. Although the Department envisaged a partnership
with Capita, the relationship developed as a more traditional
purchaser/supplier arrangement. The Department excluded Capita
from the project board, even though Capita asked to be there,
because its presence would have restricted open discussions of
policy, and there was no sharing of risk assessment and management
or discussion at senior levels about what was happening on the
scheme. The Department considered that Capita might have shouted
louder about emerging issues at various points. The Chief Executive
of Capita agreed that he should have escalated issues (for example
on the distribution of over eight million blank forms to providers)
to the Accounting Officer and even to the Secretary of State,
although this was difficult to do in public private partnerships.[19]

19. Capita devised its systems on the understanding
that all providers would be accredited or registered with the
Further Education Funding Council, Training and Enterprise Councils
or awarding bodies, and pre-registered with the learndirect
learning opportunities database. However, when the scheme was
launched this database was not in place, and was never used for
this purpose because of incompatibilities between records, and
because the Department was not intending to accredit providers.[20]
The specification also required the appointed contractor to carry
out checks on the eligibility of the learner and of learning support.
But as the learndirect database was still under development,
the contract included interim provision for providers to self-certify.
When the Department dropped the requirement for providers to be
registered with the database, the interim provisions were not
updated, leaving the system vulnerable to ineligible claims.[21]

20. Capita's role included developing and testing
IT systems and security and its bid acknowledged the need for
rigorous procedures to ensure data, programmes and documents were
secure from unauthorised access and the importance of making the
overall design robust with minimal chance of fraud and collusion.
However, Capita did not pursue these points, and although KPMG
identified the need to test the robustness of Capita's security
arrangements, the Department did not do this and a planned review
of Capita's systems by the Department's Internal Audit due in
April 2001 was postponed until October 2001. Cap Gemini Ernst
& Young's subsequent review of Capita's security system for
the Department found that the contract did not include clear mandates
on IT security, existing government guidelines had not been followed,
usage monitoring was inadequate and no procedures had been established
to ensure adherence to the security policy.[22]

21. While there is no evidence of unauthorised access
to the system, some authorised learning providers made inappropriate
use of it to gain access to unused accounts, some repeatedly during
the last days of the scheme so that they could register learning
as having started and claim the funding in respect of it. One
such provider had offered to sell details of unused accounts and
there were allegations of a large number of account details in
circulation, and it was this chain of events that led to the decision
to close the scheme immediately. The providers involved are under
investigation.[23]

22. Following cancellation of the scheme, the contract
with Capita continued while they were working with the Department
on pursuing fraud and recovering money. The Department was also
considering whether to launch a successor scheme and had agreed
to work with Capita in developing arrangements for this, but the
decision on whether Capita would be the delivery partner was subject
to satisfactory progress and the outcome of negotiations with
them. In the event, in October 2002 Ministers took the decision
to consider any replacement arrangements as part of a wider review
of the funding of adult learning and the development of the wider
National Skills Strategy.[24]

23. Up to April 2002, the Department had paid Capita
some £31.5 million out of the £55 million due under
the full contract. Capita told us that it had still made a profit
on the contract, although it had suffered a loss of reputation.
In January 2003 the Department reached a settlement with Capita
on outstanding sums due. This involved a net final payment of
£1.5 million, some £1 million less than the estimated
contractual entitlement. This takes into account termination charges
due to Capita, the return of part of the profits generated by
Capita under the contract Benefit Sharing Arrangements, and that
the Department has made no payments to Capita since April 2002.
The settlement figure was mutually agreed through negotiation
to reflect a settlement acceptable to both parties based on Capita's
delivery of the ILA system and the shared desire to conclude the
wind-down of the original scheme.[25]
In addition, at no charge, Capita will continue to provide support
on the wind-down of the scheme until April 2003, and the Department
will be able to draw fully on the investment in the design and
development of the scheme.[26]

25. In addition, although the scheme was successful
in generating 2.6 million accounts, only 1.5 million had learning
registered by the time the scheme was closed. While a time lag
between registering and undertaking learning was to be expected,
some of the accounts had been "emptied" by unscrupulous
providers. Fraud investigations and compliance visits to providers
in 2001 and subsequently showed that 13 providers each registered
over 10,000 account holders. This represented a very large number
of learners recruited over a short time - more than the number
of part-time students studying at all but the largest further
education colleges. Two providers had over 30,000 learners. Moreover,
there is evidence that a significant number of accounts were opened
and incentives claimed without the knowledge or agreement of the
account holder, and that a quarter of learners registered as having
started learning had not done any.[29]

26. The Department currently has 70 staff working
on follow-up investigations, and has someone working with West
Midlands Police. Investigations include checking claims from about
700 providers. Some 153 are serious cases, of which 100 are already
with the police and 60 people have been arrested, 14 charged,
10 are awaiting court appearances, 10 have been cautioned, and
one has been sentenced to 9 months in prison. This is, however,
a complicated and time-consuming process since it involves getting
evidence that will convince the police and the Crown Prosecution
Service.[30]

27. In addition, the Department is pursuing another
400 providers. It is contacting 50,000 registered learners, to
ask whether they received learning. This should enable the Department
to make estimates of the scale of fraud and abuse overall, and
also for those providers which it has concerns about. It has written
to 158 providers where there are questions to be answered, where
money has been paid improperly or inappropriately, but stopping
short of fraud, and where it is seeking recovery of the money
paid. In most of these cases, the Department is withholding money
until a settlement has been reached. However, it is not yet possible
to estimate the amount likely to be recovered.[31]

28. The Department is cross-checking the companies
and individuals involved with the Learning and Skills Council,
and backwards to the Further Education Funding Council, to identify
where else these providers might be providing training. It is
also working with other Government Departments with a view to
cross-checking with them as well.[32]

29. Of those under investigation, some have been
linked to animal rights activity. Charges have been made against
3 providers, but the police do not have evidence to suggest that
funds obtained from the scheme have been used to support animal
rights activities.[33]

30. At the time of our hearing, about 95% of the
money outstanding had been paid. On cancellation of the scheme,
the Department froze payments due to providers, amounting to some
£15 million, while it carried out checks on legitimacy of
claims. The Department did not have total information on the number
of providers who had gone out of business as a result of the cancellation,
but knew of 13, mainly small, one person businesses. The Department
recognises that providers will be more cautious in participating
in any similar schemes in future.[34]

32. The Accounting Officer assured the Committee
that the lessons had been learned. For example, he had set in
place arrangements to ensure that everybody engaged with supplier
and contractor management was properly trained; had set up a unit
to support project management; and was undertaking a risk assessment
from the bottom to the top of the Department.[36]
In addition, the Department has strengthened its existing counter
fraud measures, by developing a Fraud Risk Assessment Strategy.
Its Special Investigations Unit is to become more proactive in
undertaking a programme of inspection work to detect irregularity
in those areas most exposed to the risk of fraud, and the results
of this work will support the level of assurance given by Internal
Audit to the Accounting Officer. The Department has also formed
a 'High Level Senior Management Risk Group', to alert the board
to key areas of risk, including the risk of fraud.[37]
The Department has developed and introduced an improved range
of training and development events including specific training
programmes, contract awareness sessions, contract surgeries and
master classes. Detailed guidance on the financial aspects of
contract management including risk assessment and financial monitoring
will also be available to staff on the Department's intranet.[38]